Encrypt Maven Credentials

Goal

We want to access our company’s institutional repository in a secure fashion.

Description

When we use a Maven repository that requires authentication, such as a company’s institutional Maven repository, the user must specify credentials in order to access the assets stored in it. If we are not careful about doing so, we may let others discover our credentials because, unless we take precautions, they are stored in plain text. Therefore, we need to encrypt our password before setting it in the settings.xml file.

How to

First, we have to create an encrypted master password, which is used to encrypt the password that accesses the remote repository:

read -s p; mvn --encrypt-master-password "$p"; unset p

The previous command produces an encrypted version of the master password we typed. Because read -s reads the password without echoing it, the password does not appear on screen or in the shell history. The result should then be added to a file named settings-security.xml, stored in our Maven directory, such as $HOME/.m2/settings-security.xml, with content similar to:

At this point, we are ready to encrypt our server’s password. To do so, we now execute the statement below:

read -s p; mvn --encrypt-password "$p"; unset p

This produces an encrypted version of the password we specified, using our encrypted master password. Finally, we add our credentials to the appropriate section in our settings.xml file and we are ready to rock! E.g.,
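
As an added example (not part of the original article), the Python check below parses a settings.xml and lists the servers whose password is still stored in plain text. The server ids, user name, password values and function names are constructed for illustration, and the brace-matching pattern is an approximation of how Maven recognises an encrypted value.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample settings.xml: ids, user names and password values are made up.
SAMPLE_SETTINGS = """\
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server>
      <id>company-releases</id>
      <username>jdoe</username>
      <password>{EXAMPLE0encrypted0value0=}</password>
    </server>
    <server>
      <id>company-snapshots</id>
      <username>jdoe</username>
      <password>hunter2</password>
    </server>
    <server>
      <id>company-site</id>
      <username>jdoe</username>
      <password>reset 2024-01-01 {EXAMPLE1encrypted1value1=}</password>
    </server>
  </servers>
</settings>
"""

# Maven treats text inside unescaped curly braces as the encrypted value;
# anything outside the braces is a free-form comment (approximated here).
ENCRYPTED = re.compile(r"(?<!\\)\{[^{}]+(?<!\\)\}")

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def plaintext_servers(settings_xml):
    """Return the ids of <server> entries whose <password> is not encrypted."""
    root = ET.fromstring(settings_xml)
    flagged = []
    for server in (e for e in root.iter() if local(e.tag) == "server"):
        fields = {local(c.tag): (c.text or "").strip() for c in server}
        password = fields.get("password", "")
        if password and not ENCRYPTED.search(password):
            flagged.append(fields.get("id", "<no id>"))
    return flagged

if __name__ == "__main__":
    for server_id in plaintext_servers(SAMPLE_SETTINGS):
        print(f"plaintext password for server '{server_id}'")
```

To audit a real file, pass the contents of $HOME/.m2/settings.xml to plaintext_servers instead of the sample.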

Explanations

This is an easy but still useful tip on how to use Maven’s security features to keep us on the safe side. Do not store your credentials unencrypted, because anyone accessing your computer will discover your “secret”.